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"It's a first things first list," said Alan Paller, head of the Sans Institute, a non-profit 
group which trains and certifies computer security professionals. 
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changes in the Top 20 when organisations 
get to the point of finding and fixing vulnerabilities automatically. 


Shrinking holes 


Gerhard Eschelbeck who studies vulnerabilities for online security firm Qualys said: 
"It gives people a benchmark to measure themselves against." 


He said that better information about vulnerabilities popular with the virus writing and 
hacking communities can help organisations protect themselves. 


"The underground knows this data very well," he said. "We want to level the playing 
field here between the guys that have the data and the bad intentions and the people 
that need to know about this so they can do their job effectively." 


Mr Eschelbeck's work on vulnerabilities shows that every 21 days, on average, the 
number of web-facing systems vulnerable to a particular loophole shrinks by 50% as 
people patch machines. 
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